Sentinel One, a cybersecurity company, has connected the notorious Russian cybercriminal organization FIN7 with the highly active Black Basta ransomware.
Black Basta was first identified in April 2022; it quickly gained notoriety and is believed to have infiltrated over 90 organizations by September 2022. Analysis of the ransomware operation has shown that the threat actor is building their toolkit internally and may be working with a small number of affiliates. The threat actor is well-organized and well-resourced and does not try to recruit affiliates.
According to Sentinel One, its investigation into Black Basta has also uncovered the use of numerous tools made by one or more FIN7 (also known as Carbanak) developers, indicating a close relationship with the cybercrime organization.